AWS Security ChangesHomeSearch

AWS waf documentation change

Service: waf · 2025-08-22 · Documentation low

File: waf/latest/developerguide/aws-managed-rule-groups-atp.md

Summary

Updated terminology from 'protection pack or web ACL' to 'protection pack (web ACL)' throughout document to clarify relationship between concepts

Security assessment

Changes are purely terminological clarifications about web ACL/protection pack relationships. No security vulnerabilities, mitigations, or new security features are mentioned. Updates maintain existing security documentation consistency but don't introduce new security content.

Diff

diff --git a/waf/latest/developerguide/aws-managed-rule-groups-atp.md b/waf/latest/developerguide/aws-managed-rule-groups-atp.md
index a8323b92c..ab687da42 100644
--- a//waf/latest/developerguide/aws-managed-rule-groups-atp.md
+++ b//waf/latest/developerguide/aws-managed-rule-groups-atp.md
@@ -46 +46 @@ To keep your costs down and to be sure you're managing your web traffic as you w
-This rule group isn't available for use with Amazon Cognito user pools. You can't associate a protection pack or web ACL that uses this rule group with a user pool, and you can't add this rule group to a protection pack or web ACL that's already associated with a user pool.
+This rule group isn't available for use with Amazon Cognito user pools. You can't associate a protection pack (web ACL) that uses this rule group with a user pool, and you can't add this rule group to a protection pack (web ACL) that's already associated with a user pool.
@@ -50 +50 @@ This rule group isn't available for use with Amazon Cognito user pools. You can'
-This managed rule group adds labels to the web requests that it evaluates, which are available to rules that run after this rule group in your protection pack or web ACL. AWS WAF also records the labels to Amazon CloudWatch metrics. For general information about labels and label metrics, see [Web request labeling](./waf-labels.html) and [Label metrics and dimensions](./waf-metrics.html#waf-metrics-label). 
+This managed rule group adds labels to the web requests that it evaluates, which are available to rules that run after this rule group in your protection pack (web ACL). AWS WAF also records the labels to Amazon CloudWatch metrics. For general information about labels and label metrics, see [Web request labeling](./waf-labels.html) and [Label metrics and dimensions](./waf-metrics.html#waf-metrics-label). 
@@ -99 +99 @@ Following the prefix, the rest of the label provides detailed token status infor
-    * A domain specification that's valid for the protection pack or web ACL. 
+    * A domain specification that's valid for the protection pack (web ACL). 
@@ -109 +109 @@ Along with the rejected label, token management adds a custom label namespace an
-    * `rejected:expired` – The token's challenge or CAPTCHA timestamp has expired, according to your protection pack or web ACL's configured token immunity times. 
+    * `rejected:expired` – The token's challenge or CAPTCHA timestamp has expired, according to your protection pack (web ACL)'s configured token immunity times. 
@@ -111 +111 @@ Along with the rejected label, token management adds a custom label namespace an
-    * `rejected:domain_mismatch` – The token's domain isn't a match for your protection pack or web ACL's token domain configuration. 
+    * `rejected:domain_mismatch` – The token's domain isn't a match for your protection pack (web ACL)'s token domain configuration. 
@@ -115 +115 @@ Along with the rejected label, token management adds a custom label namespace an
-Example: The labels `awswaf:managed:captcha:rejected` and `awswaf:managed:captcha:rejected:expired` together indicate that the request didn't have a valid CAPTCHA solve because the CAPTCHA timestamp in the token has exceeded the CAPTCHA token immunity time that's configured in the protection pack or web ACL.
+Example: The labels `awswaf:managed:captcha:rejected` and `awswaf:managed:captcha:rejected:expired` together indicate that the request didn't have a valid CAPTCHA solve because the CAPTCHA timestamp in the token has exceeded the CAPTCHA token immunity time that's configured in the protection pack (web ACL).
@@ -176 +176 @@ The thresholds that this rule applies can vary slightly due to latency. A few re
-AWS WAF only evaluates this rule in protection pack or web ACLs that protect Amazon CloudFront distributions.
+AWS WAF only evaluates this rule in protection packs (web ACLs) that protect Amazon CloudFront distributions.
@@ -185 +185 @@ The thresholds that this rule applies can vary slightly due to latency. It's pos
-AWS WAF only evaluates this rule in protection pack or web ACLs that protect Amazon CloudFront distributions.
+AWS WAF only evaluates this rule in protection packs (web ACLs) that protect Amazon CloudFront distributions.